[Bug 194646] [NEW] Please sync xine-lib (main) from Debian unstable (main)

Reinhard Tartler siretart at tauware.de
Sat Feb 23 07:06:27 GMT 2008 

Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/xine-lib
 status confirmed
 subscribe ubuntu-archive

Please sync xine-lib (main) from Debian unstable (main).
Changelog since current hardy version 1.1.10-1build1:

xine-lib (1.1.10.1-2) unstable; urgency=low

  [Darren Salt]
  * libxine-dev: backport an m4 version-parsing fix from hg.
  * Fixed an off-by-one (introduced in the security fix) which breaks
    playback of some FLAC files. (Closes: #466746)
  * Versioned build-dep on libmagick9-dev (for libmagick10). (Closes: #466681)
    Add libmagick-dev as an alternative, with the same version requirement.

 -- Darren Salt <linux at youmustbejoking.demon.co.uk>  Wed, 20 Feb 2008
23:43:05 +0000

xine-lib (1.1.10.1-1) unstable; urgency=high

  * New upstream release.
    - CVE-2008-0486: Array index vulnerability which may allow remote
      attackers to execute arbitrary code via a crafted FLAC tag, which
      triggers a buffer overflow. (Closes: #464696)
    - Real codec detection was looking in the wrong places. (Closes: #462964)

  [Darren Salt]
  * Add pkg-config dependency to libxine-dev, fixing xine-plugin FTBFS.
    (Closes: #464178, #464321)
  * Put libxine1-doc back into section doc until somewhere better is created
    for it. (Closes: #462710)
  * No longer build-conflict with libxine-dev from xine-lib-1.2. This is no
    longer needed due to link order changes.

 -- Darren Salt <linux at youmustbejoking.demon.co.uk>  Fri, 08 Feb 2008
17:25:21 +0000


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Debian Powered!

iD8DBQFHv8XimAg1RJRTSKQRAhhHAJ9Jbp6s7hyzO6H+LXO91XQHFtr3swCeP0py
FZ8QvnhNaeb1J8kN+IDAR1I=
=O1C3
-----END PGP SIGNATURE-----

** Affects: xine-lib (Ubuntu)
     Importance: Undecided
         Status: Confirmed

-- 
Please sync xine-lib (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/194646
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.

More information about the ubuntu-archive mailing list